<?php
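// Endpoint: delete one student record, identified by the `xh` query parameter,
// and answer with a JSON object: {ok: bool, msg?: string, logout?: bool}.
//
// NOTE(review): this state-changing request is read from $_GET and no anti-CSRF
// token is checked in this file, so any page the logged-in user visits can
// trigger the delete through a plain link or image URL. Moving it to POST with a
// per-session token needs a matching client change, so it is flagged here
// rather than changed.

// Declare the payload type so a browser never renders the response as HTML.
header('Content-Type: application/json; charset=utf-8');

$result = [];
try {
    // Accept only a non-empty scalar string: a missing key or an array value
    // (?xh[]=...) is rejected before it reaches the session check or the query.
    $xh = $_GET['xh'] ?? null;
    if (!is_string($xh) || $xh === '') {
        throw new DomainException('必须要提供删除记录的学号信息');
    }

    session_start();

    // An anonymous visitor has no $_SESSION['user']; treat that as "no rights"
    // instead of raising undefined-index warnings.
    $sessionXh = $_SESSION['user']['xh'] ?? null;
    $isOwnRecord = $sessionXh === $xh;
    $hasRight = $isOwnRecord || !empty($_SESSION['user']['isAdmin']);
    if (!$hasRight) {
        throw new DomainException('Sorry,你没有删除他人记录的权限。');
    }

    // NOTE(review): the connection uses the MySQL root account with a literal
    // password committed in source. Prefer a dedicated account limited to the
    // privileges this script needs, with credentials loaded from configuration
    // kept outside the web root.
    $db = new PDO(
        "mysql:host=localhost; dbname=db2;",
        'root',
        '123456',
        // Make driver failures throw on every PHP version so they reach the
        // generic handler below instead of being silently ignored.
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

    // Bound parameter keeps $xh out of the SQL text; the `isAdmin = 0` clause
    // means administrator rows are never removed by this endpoint.
    $ps = $db->prepare('delete from students where xh = ? and isAdmin = 0');
    $ps->execute([$xh]);
    if ($ps->rowCount() === 0) {
        throw new DomainException('删除失败');
    }

    // A user who deleted their own record no longer has an account: drop the
    // login from the session and tell the client.
    if ($isOwnRecord) {
        unset($_SESSION['user']);
        $result['logout'] = true;
    }
    $result['ok'] = true;
} catch (DomainException $e) {
    // Messages written in this script are safe to show to the caller.
    $result['ok'] = false;
    $result['msg'] = $e->getMessage();
} catch (Throwable $e) {
    // Driver and engine errors can carry host names, account names or SQL
    // fragments. Keep them in the server log and return a generic message.
    // Only class and message are logged: the stack trace of a failed PDO
    // constructor call can contain the connection arguments.
    error_log(get_class($e) . ': ' . $e->getMessage());
    $result['ok'] = false;
    $result['msg'] = '删除失败';
}
echo json_encode($result, JSON_UNESCAPED_UNICODE);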
